Java: exclude overloads of finalize

2026-04-22 07:15:15 +02:00 · 2025-03-27 19:33:38 -04:00
parent f73eda0c38
commit ed22a16f32
5 changed files with 14 additions and 15 deletions
--- a/Calls/DoNotCallFinalize.md
+++ b/Calls/DoNotCallFinalize.md
@@ -1,10 +1,10 @@
 ## Overview

-Calling `finalize` in application code may cause inconsistent program state or unpredicatable behavior.
+Calling `finalize()` in application code may cause inconsistent program state or unpredicatable behavior.

 ## Recommendation

-Avoid calling `finalize` in application code. Allow the JVM to determine a garbage collection schedule instead.
+Avoid calling `finalize()` in application code. Allow the JVM to determine a garbage collection schedule instead.

 ## Example

@@ -19,7 +19,7 @@ public class Test {

 # Implementation Notes

-This rule is focused on the use of existing `finalize` invocations rather than attempts to write a custom implementation.
+This rule is focused on the use of existing `finalize()` invocations rather than attempts to write a custom implementation.

 ## References

--- a/Calls/DoNotCallFinalize.ql
+++ b/Calls/DoNotCallFinalize.ql
@@ -1,8 +1,8 @@
 /**
 * @id java/do-not-call-finalize
 * @previous-id java/do-not-use-finalizers
- * @name Do not call `finalize`
- * @description Calling `finalize` in application code may cause
+ * @name Do not call `finalize()`
+ * @description Calling `finalize()` in application code may cause
 *              inconsistent program state or unpredicatable behavior.
 * @kind problem
 * @precision high
@@ -16,13 +16,13 @@ import java

 from MethodCall mc
 where
-  mc.getMethod().hasName("finalize") and
-  // The Java documentation for `finalize` states: "If a subclass overrides
+  mc.getMethod() instanceof FinalizeMethod and
+  // The Java documentation for `finalize()` states: "If a subclass overrides
  // `finalize` it must invoke the superclass finalizer explicitly". Therefore,
-  // we do not alert on `super.finalize` calls that occur within a callable
+  // we do not alert on `super.finalize()` calls that occur within a callable
  // that overrides `finalize`.
  not exists(Callable caller, FinalizeMethod fm | caller = mc.getCaller() |
    caller.(Method).overrides(fm) and
    mc.getQualifier() instanceof SuperAccess
  )
-select mc, "Call to 'finalize'."
+select mc, "Call to 'finalize()'."
--- a/java/ql/src/change-notes/2025-03-20-do-not-call-finalize.md
+++ b/java/ql/src/change-notes/2025-03-20-do-not-call-finalize.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* Added a new quality query, `java/do-not-call-finalize`, to detect calls to `finalize`.
+* Added a new quality query, `java/do-not-call-finalize`, to detect calls to `finalize()`.
--- a/java/ql/test/query-tests/DoNotCallFinalize/DoNotCallFinalize.expected
+++ b/java/ql/test/query-tests/DoNotCallFinalize/DoNotCallFinalize.expected
@@ -1,2 +1 @@
-| Test.java:4:9:4:23 | finalize(...) | Call to 'finalize'. |
-| Test.java:25:9:25:33 | finalize(...) | Call to 'finalize'. |
+| Test.java:4:9:4:23 | finalize(...) | Call to 'finalize()'. |
--- a/java/ql/test/query-tests/DoNotCallFinalize/Test.java
+++ b/java/ql/test/query-tests/DoNotCallFinalize/Test.java
@@ -10,7 +10,7 @@ public class Test {

    @Override
    protected void finalize() throws Throwable {
-        // COMPLIANT: If a subclass overrides `finalize`
+        // COMPLIANT: If a subclass overrides `finalize()`
        // it must invoke the superclass finalizer explicitly.
        super.finalize();
    }
@@ -20,9 +20,9 @@ public class Test {
        System.out.println(s);
    }

-    // NON_COMPLIANT: call to overload of `finalize`
+    // COMPLIANT: call to overload of `finalize`
    void f2() throws Throwable {
-        this.finalize("overload"); // $ Alert
+        this.finalize("overload");
    }

 }